git.ipfire.org Git - thirdparty/nftables.git/commit

doc: fix/improve documentation of verdicts

- Clarify that a terminating statement also prevents the execution of later
  statements in the same rule and give an example about that.
- Correct that `accept` won’t terminate the evaluation of the ruleset (which is
  generally used for the whole set of all chains, rules, etc.) but only that of
  the current base chain (and any regular chains called from that).
  Indicate that `accept` only accepts the packet from the current base chain’s
  point of view.
  Clarify that not only chains of a later hook could still drop the packet, but
  also ones from the same hook if they have a higher priority.
- Various other minor improvements/clarifications to wording.

Link: https://lore.kernel.org/netfilter-devel/3c7ddca7029fa04baa2402d895f3a594a6480a3a.camel@scientia.org/T/#t
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
Signed-off-by: Florian Westphal <fw@strlen.de>

author	Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
	Fri, 24 Oct 2025 01:36:45 +0000 (03:36 +0200)
committer	Florian Westphal <fw@strlen.de>
	Thu, 30 Oct 2025 22:05:01 +0000 (23:05 +0100)
commit	2a97a7aa35d65b232b53306ecc958f5777836a51
tree	ecb523f49807445482eb5db47cee8e37edfa7b4e	tree \| snapshot
parent	2c6363fb2b6dca8ee7640b6ee6b65a60e8e4d53a	commit \| diff

doc/nft.txt		diff \| blob \| blame \| history
doc/statements.txt		diff \| blob \| blame \| history